Hi Go,
> On 24. Nov 2020, at 00:06, Go Iwai <[email protected]> wrote:
>
> Hello Dirk,
>
> Thank you for replying to the mail. However, your code doesn't work for the
> resource of exec like below:
>
> exec { '/path/to/decrypted-file':
>   command => 'eyaml decrypt --file=/path/to/encrypted-file > /path/to/decrypted-file',
>   # ...snip
> }
You want to create a file based on eyaml encrypted content.
That means that you must ensure that eyaml is installed on any system which
receives the exec resource.
A better solution is to use class parameters:

    class xxx::zzz (
      String $content,
    ){
      file { '/path/to/decrypted-file':
        ensure  => file,
        content => $content,
      }
    }

And then have the encrypted file content in hiera:

    xxx::zzz::content: >
      ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
      DQYJKoZIhvcNAQEBBQAEggEAmporEXibvTRjR+81UCj7xHmSLk9bQw91jETE
      PXcdlpvs6g4YqJUy+D8H0F2puVeVDFcpXBKSzv29NYzjZS7ZiJj/SezB+rRu
      9Duk57tUW2Ly+ECuTwZCwkjKuDuY6XLQXayRGP39dxS+gCvJiNwxHN2i3XRG
      m+S/vqkQVJITT6Etra8XWgsVdF0XqBDDcqRnF60xr7vk4sQq/RujFyV9+/hr
      gw/qnKFfewdb27TkRCO9eHp00jEfTdHrg/GrhMkv/BfcodMuuqiSh/EfWPfG
      8MPrPmSSAHktgKY81/lPHiz73OAaf7p7HSSclWpCUYUHiHGsi6gPLN9e3PoY
      Br4TmjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBxlWjEC2Ij08R/N7Vo
      63EagBB6T4EMZSB/2E6dW8NFQP7o]

hth,
Martin
>
> This generates a notice like:
>
> Notice: /Stage[main]/xxx::zzz/Exec[/path/to/decrypted-file]/returns:
> [hiera-eyaml-core] No such file or directory @ rb_sysopen -
> ./keys/private_key.pkcs7.pem
>
> I can work around this if I give the directory, where keys are located, to
> the cwd attribute like:
>
>   cwd => '/etc/puppetlabs/code',
> # pkcs7_private_key: '/etc/puppetlabs/code/keys/private_key.pkcs7.pem'
> # pkcs7_public_key: '/etc/puppetlabs/code/keys/public_key.pkcs7.pem'
>
> I would be grateful for any further advice.
>
> Kind regards,
> Go
>
> On Tuesday, November 24, 2020 at 0:55:31 UTC+9, Dirk Heinrichs wrote:
> On Monday, 23.11.2020, at 15:23 +0900, Go Iwai wrote:
>
>> It looks more natural if I could rewrite this line above like below:
>>
>> eyaml decrypt --file=encrypted-file
>> --pkcs7-public-key=%{pkcs7_public_key}
>> --pkcs7-private-key=%{pkcs7_private_key}
>
> I don't think you need to specify these options at all if everything is
> configured correctly. I have the following hiera.yaml in my Puppet
> environments:
>
> ---
> version: 5
> defaults:
>   datadir: hiera
>   lookup_key: eyaml_lookup_key
> hierarchy:
>   - name: Main
>     options:
>       pkcs7_private_key: '/etc/puppetlabs/code/keys/private_key.pkcs7.pem'
>       pkcs7_public_key: '/etc/puppetlabs/code/keys/public_key.pkcs7.pem'
>     paths:
>       - ...
>       - common.yaml
>
> With this in place I can simply type "eyaml edit common.yaml" or "eyaml
> encrypt -s 'something'", w/o specifying the keys every time.
>
> HTH...
>
> Dirk
> --
> Dirk Heinrichs
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8e51cbb0-02bd-4999-b89b-ea656c139018n%40googlegroups.com.
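
Added example, not part of the original thread or written by any of its participants: the class-parameter approach from the reply above, with the decrypted value typed as Sensitive so it is redacted in agent logs and reports. Hiera decrypts the value during lookup, so the private key stays with the Hiera configuration and no node needs eyaml or the key at apply time. The owner, group and mode values are assumptions, and the ENC[...] value in the comment is a placeholder.

```puppet
# Hiera data served through the eyaml backend, shown here as a comment:
#
#   lookup_options:
#     xxx::zzz::content:
#       convert_to: 'Sensitive'          # wrap the decrypted value on lookup
#   xxx::zzz::content: ENC[PKCS7,...]    # placeholder for "eyaml encrypt" output
#
class xxx::zzz (
  Sensitive[String] $content,            # decrypted by Hiera, never by an exec
) {
  file { '/path/to/decrypted-file':
    ensure    => file,
    owner     => 'root',                 # assumed owner
    group     => 'root',                 # assumed group
    mode      => '0600',                 # readable by the owner only
    content   => $content,               # file accepts a Sensitive value here
    show_diff => false,                  # never print content diffs on change
  }
}
```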